Data Encryption Standard (DES) is a well-known symmetric cipher and also the first modern commercial-grade algorithm with open and fully specified implementation details. DES consists of a Feistel network iterated 16 times with the block size of 64 bits and the effective key size of 56 bits.
Triple Data Encryption Standard (TDES) is a revised symmetric algorithm scheme built on the DES system. TDES encryption process includes three consecutive DES operations in the encryption, decryption, and encryption (E-D-E) sequence again in accordance with the American standard FIPS 46-3.
Although the functions that support TDES operations require three sets of round keys, the functions can operate under TDES cipher system with a two-set round keys by simply setting the third set of round keys to be the same as the first set.
You can use the functions described in this section for performing various operational modes under the DES/TDES cipher systems.
Table “Intel IPP DES/TDES Functions” lists Intel IPP DES/TDES functions:
| Function Base Name | Operation |
|---|---|
| DES Functions | |
| DESGetSize | Gets the size of the IppsDESSpec context. |
| DESInit | Initializes user-supplied memory as IppsDESSpec context for future use. |
| DESPack, DESUnpack | Packs/unpacks the IppsDESSpec context into/from a user-defined buffer. |
| DESEncryptECB | Encrypts a variable length data stream in the ECB mode. |
| DESDecryptECB | Decrypts a variable length data stream in the ECB mode. |
| DESEncryptCBC | Encrypts a variable length data stream in the CBC mode. |
| DESDecryptCBC | Decrypts a variable length data stream in the CBC mode. |
| DESEncryptCFB | Encrypts a variable length data stream in the CFB mode. |
| DESDecryptCFB | Decrypts a variable length data stream in the CFB mode. |
| DESEncryptOFB | Encrypts a variable length data stream in the OFB mode. |
| DESDecryptOFB | Decrypts a variable length data stream in the OFB mode. |
| DESEncryptCTR | Encrypts a variable length data stream in the CTR mode. |
| DESDecryptCTR | Decrypts a variable length data stream in the CTR mode. |
| TDES Functions | |
| TDESEncryptECB | Encrypts variable length data stream in the ECB mode. |
| TDESDecryptECB | Decrypts variable length data stream in the ECB mode. |
| TDESEncryptCBC | Encrypts variable length data stream in the CBC mode. |
| TDESDecryptCBC | Decrypts variable length data stream in the CBC mode. |
| TDESEncryptCFB | Encrypts variable length data stream in the CFB mode. |
| TDESDecryptCFB | Decrypts variable length data stream in the CFB mode. |
| TDESEncryptOFB | Encrypts variable length data stream in the OFB mode. |
| TDESDecryptOFB | Decrypts variable length data stream in the OFB mode. |
| TDESEncryptCTR | Encrypts a variable length data stream in the CTR mode. |
| TDESDecryptCTR | Decrypts a variable length data stream in the CTR mode. |
Note
Intel IPP functions for cryptography operations do not allocate memory internally. The function GetSize does not require allocated memory. You need to call the function GetSize to find out how much available memory you need to have to work with the selected algorithm and after that you call the initialization function to create a memory buffer and initialize it.
Intel IPP for cryptography supports ECB, CBC, CFB, and CTR modes. You can tell which algorithm a given function supports from the function base name, for example, the function DESEncryptECB operates under the ECB mode for DES encryption and the function TDESEncryptECB operates under the ECB mode under the TDES scheme.
The encryption functions DESEncryptCBC and TDESEncryptCBC operate under the CBC mode using their respective cipher scheme and require to have an initialization vector iv. Since there exists a number of ways to initialize the initialization vector iv, you should remember which of these ways you used to be able to decrypt the message when needed.
Functions DESEncryptCFB and TDESEncryptCFB operate under CFB mode for encryption using their respective cipher scheme, both require having the initialization vector pIV, and CFB block size cfbBlkSize.
All functions described in this section use the context IppsDESSpec to serve as an operational vehicle that carries a set of round keys.
The application code for conducting a typical encryption under CBC mode using the TDES scheme must perform the following sequence of operations:
- Get the size required to configure the context IppsDESSpec by calling the function DESGetSize.
- Call operating system memory allocation service function to allocate three buffers whose sizes are not less than the one specified by the function DESGetSize. Initialize pointers to contexts pCtx1, pCtx2, and pCtx3 by calling the function DESInit three times, each with the allocated buffer and the respective DES key.
- Specify the initialization vector and then call the function TDESEncryptCBC to encrypt the input data stream under CBC mode using TDES scheme.
- Free the memory allocated to the buffer once TDES encryption under the CBC mode has been completed and the data structures allocated for set of round keys are no longer required.
Note
Similar procedure can be applied for ECB, CFB, and CTR mode operation.
The IppsDESSpec context is position-dependent. The DESpack/DESUnpack functions transform the position-dependent context to a position-independent form and vice versa.